Skip to main content
Skip table of contents

Pattern 4 : PIX Traffic

Classification

Rule NameRule TypeCommon EventClassification
PIX-X-107001 : RIP Auth FailedSub RuleAuthentication Failure ActivityAuthentication Failure
PIX-X-713145 : Det Client in Net Extension ModeSub RuleVPN Session InformationInformation
PIX-X-305007 : Orphan IP AddressSub RuleOrphan IP on InterfaceInformation
PIX-X-609002 : Teardown Localhost InterfaceSub RuleConnection TeardownNetwork Traffic
PIX-X-201006 : RCMD Backconnection FailedSub RuleRCMD Backconnection FailedError
PIX-X-212004 : Unable to Send SNMP ResponseSub RuleUnable to Send an SNMP ResponseError
PIX-X-304004 : URL Server Request FailedSub RuleURL Server Request FailedError
PIX-X-304003 : URL Server Timed OutSub RuleURL Server Request FailedError
PIX-X-304005 : URL Server Request PendingSub RuleURL Server Request PendingInformation
PIX-X-201005 : FTP Data Connection FailedSub RuleFTP Data Connection FailedError
PIX-X-304007 : URL Server Not RespondingSub RuleURL Server Not RespondingError
PIX-X-304006 : URL Server Not RespondingSub RuleURL Server Not RespondingError
PIX-X-606003 : PDM Logging Session StartedSub RuleProcess/Service StartedStartup and Shutdown
No Matching Record for ICMP Error MessageSub RuleNo Matching Connection for ICMP Error MessageWarning
ASA-4-313005 : ICMP Error MessageSub RuleNo Matching Connection for ICMP Error MessageWarning
PIX-X-210006 : LU Look NATSub RuleStatefull FailoverWarning
PIX-X-718002 : Create Peer FailedSub RuleTunnel Creation FailureError
PIX-X-713226 : Connection FailedSub RuleTunnel Creation FailureError
PIX-X-213002 : PPTP Tunnel Hashtable Insert FailedSub RuleTunnel Creation FailureError
PIX-X-409002 : External LSA NetmaskSub RulePeer Forwarding Stopped - VLAN Not FoundError
PIX-X-319002 : Acknowledge for Route Update Not RxSub RuleAcknowledge for Route Update Not ReceivedWarning
PIX-X-319003 : ARP Update FailedSub RuleARP Update FailedWarning
PIX-X-319001 : Acknowledge for ARP Update Not RxSub RuleAcknowledge for ARP Update Not ReceivedWarning
PIX-X-319004 : Route Update FailedSub RuleRoute Update FailedWarning
PIX-X-109017 : User Exceeded Proxy LimitSub RuleProxy Limit ExceededWarning
PIX-X-201009 : TCP Connection Limit ExceededSub RuleTCP Connection Limit ExceededWarning
PIX-X-201002 : Too Many TCP ConnectionsSub RuleTCP Connection Limit ExceededWarning
PIX-X-201004 : Too Many UDP ConnectionsSub RuleUDP Connection Limit ExceededWarning
PIX-X-315005 : SSH Session Limit ExceededSub RuleSSH Session Limit ExceededWarning
PIX-X-317002 : Bad Path IndexSub RuleBad Path IndexError
PIX-X-713147 : Terminating TunnelSub RuleTerminating TunnelInformation
PIX-X-713135 : Tunnel RedirectedSub RuleTunnel RedirectedInformation
PIX-X-324006 : Tunnel Limit ExceededSub RuleTunnel Limit ExceededWarning
PIX-X-309004 : Manager Session Limit ExceededSub RuleTelnet Session Limit ExceededWarning
PIX-X-307004 : Telnet Session Limit ExceededSub RuleTelnet Session Limit ExceededWarning
PIX-X-312001 : RIP Header FailedSub RuleRIP Header FailedInformation
PIX-X-409001 : Database Scanner Is LostSub RuleUnexpected ConditionInformation
PIX-X-409004 : Received Request from Unknown HostSub RuleRequest Packet Received from Unknown HostNetwork Traffic
PIX-X-409012 : Det Router With Duplicate Router IDSub RuleGeneral Hello Packet WarningWarning
PIX-X-604101 : DHCP Client Allocated IPSub RuleDHCP Client Address AllocatedInformation
PIX-X-606002 : PDM Session EndedSub RuleSession EndedOther Audit Success
PIX-X-609001 : Built Localhost InterfaceSub RuleBuilt Localhost InterfaceNetwork Traffic
PIX-X-718003 : Got Unknown Peer MessageSub RuleGeneral Load Balancing MessageInformation
PIX-X-611315 : Disconn from Load Balancing ClusterSub RuleGeneral Load Balancing MessageInformation
PIX-X-613001 : Checksum Failure in DBSub RuleChecksum WarningWarning
PIX-X-613003 : Netmask ChangedSub RuleNetmask ChangedInformation
PIX-X-713004 : Device Scheduled for RebootSub RuleDevice Scheduled for RebootWarning
PIX-X-713006 : Failed to Obtain StateSub RuleFailed to Obtain StateWarning
PIX-X-713122 : Keepallives Configured But Not on PESub RuleKeep-Alive Configuration WarningWarning
PIX-X-713128 : Connection Attempt RedirectedSub RuleConnection Attempt Re-directedWarning
PIX-X-713212 : Could Not Add RouteSub RuleRoute Creation FailedWarning
PIX-X-713205 : Could Not Add RouteSub RuleRoute Creation FailedWarning
PIX-X-713146 : Could Not Add RouteSub RuleRoute Creation FailedWarning
PIX-X-713211 : Adding Static RouteSub RuleRoute CreatedInformation
PIX-X-713213 : Deleting Static RouteSub RuleRoute DeletedInformation
PIX-X-713214 : Could Not Delete Static RouteSub RuleRoute Removal FailureWarning
PIX-X-718016 : Received Hello ResponseSub RuleGeneral Hello MessageInformation
PIX-X-718015 : Received Hello RequestSub RuleGeneral Hello MessageInformation
PIX-X-718027 : Received Unexpected Keepalive ReqSub RuleGeneral Keep-Alive MessageInformation
PIX-X-718032 : Received OOS IndicatorSub RuleGeneral OOS MessageInformation
PIX-X-718031 : Received OOS ObituarySub RuleGeneral OOS MessageInformation
PIX-X-718030: Received OOSSub RuleGeneral OOS MessageInformation
PIX-X-718039 : Process Dead PeerSub RuleDead Peer DetectedInformation
PIX-X-719002 : Email Proxy Session Pointer TerminatedSub RuleSession Terminated Due to ErrorError
PIX-X-719004 : Email Proxy Session Pointer EstablishedSub RuleGeneral Email Proxy MessageInformation
PIX-X-719003 : Email Proxy Session Pointer FreedSub RuleGeneral Email Proxy MessageInformation
PIX-X-308001 : Console Enable Password IncorrectSub RuleConsole Enable FailedWarning
PIX-X-713184 : Client Type And VersionSub RuleGeneral Version InformationInformation
PIX-X-606001 : PDM Session StartedSub RuleProcess/Service StartingStartup and Shutdown
PIX-X-606004 : PDM Logging Session TerminatedSub RuleProcess/Service StoppingStartup and Shutdown
PIX-X-113019 : Session Disconnected - UnknownSub RuleSession DisconnectedOther Audit Success
PIX-X-113019 : Session Disconnected - PreemptedSub RuleSession DisconnectedOther Audit Success
PIX-X-113019 : Session Disconnected - Phase 2Sub RuleSession DisconnectedOther Audit Success
PIX-X-113019 : Session Disconnected - ReconnectedSub RuleSession DisconnectedOther Audit Success
PIX-X-113019 : Session Disconnected - Address ChangedSub RuleSession DisconnectedOther Audit Success
PIX-X-113019 : Session Disconnected - Lost ServiceSub RuleSession DisconnectedOther Audit Success
PIX-X-113019 : Session Disconnected - Admin ResetSub RuleSession DisconnectedOther Audit Success
PIX-X-113019 : Session Disconnected - User RequestSub RuleSession DisconnectedOther Audit Success
PIX-X-199001 : Reload Command ExecutedSub RuleCommand ExecutedAccess Success
PIX-X-113019 : Session Disconnected - Idle TimeoutSub RuleConnection Timed OutNetwork Traffic
PIX-X-304001 : URL AccessSub RuleObject AccessedAccess Success
PIX-X-713228 : Private IP Assigned to Remote UserSub RulePrivate IP Assigned to Remote UserNetwork Traffic
PIX-X-737006 : Pool Request Succeeded for GroupSub RulePool Request Succeeded for GroupOther Audit Success
PIX-X-737007 : Pool Request Failed for GroupSub RulePool Request Failed for GroupWarning
PIX-X-737016 : Local Pool Address FreedSub RuleLocal Pool Address FreedInformation
PIX-X-737026 : IP Address Assigned to ClientSub RuleIP Address Assigned to ClientNetwork Traffic
ASA-6-713172 : NAT Autodetect StatusSub RuleGeneral Warning Log MessageWarning
PIX-X-611307 : Head EndSub RuleUser LogonAuthentication Success
PIX-X-309002 : Permitted Manager ConnectionSub RuleUser LogonAuthentication Success
PIX-X-307002 : Permitted Telnet LoginSub RuleUser LogonAuthentication Success
PIX-X-111006 : Console LoginSub RuleUser LogonAuthentication Success
PIX-X-611309 : Disconnecting from Head EndSub RuleUser LogoffAuthentication Success
PIX-X-214001 : Terminating Manager SessionSub RuleUser LogoffAuthentication Success
PIX-X-611318 : User Authentication EnabledSub RuleAuthentication ActivityAuthentication Success
PIX-X-611310: Xauth SucceededSub RuleAuthentication ActivityAuthentication Success
PIX-X-611311 : Xauth FailedSub RuleUser Logon FailureAuthentication Failure
PIX-X-309001 : Denied Manager ConnectionSub RuleUser Logon FailureAuthentication Failure
PIX-X-307003 : Telnet Login FailedSub RuleUser Logon FailureAuthentication Failure
PIX-X-307001 : Denied Telnet LoginSub RuleUser Logon FailureAuthentication Failure
PIX-X-409003 : Invalid PacketSub RuleProtocol AnomalyAttack
PIX-X-111005 : End ConfigurationSub RuleConfiguration Modified : Network AccessConfiguration
PIX-X-111004 : End ConfigurationSub RuleConfiguration Modified : Network AccessConfiguration
PIX-X-111001 : Begin ConfigurationSub RuleConfiguration Enabled : Network AccessConfiguration
PIX-X-111002 : Begin ConfigurationSub RuleConfiguration Loaded : Network AccessConfiguration
PIX-X-111003 : Erase ConfigurationSub RuleConfiguration Deleted : Network AccessConfiguration
PIX-3-610002 : NTP Packet Failed AuthenticationSub RuleSuspicious ActivitySuspicious
PIX-X-107002 : RIP Packet FailedSub RuleSuspicious ActivitySuspicious
ASA-5-713201 - Duplicate Packet DetectedSub RuleDuplicate PacketError
PIX-X-610001 : NTP Packet DeniedSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-605001 : HTTP Connection DeniedSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-407001 : Deny TrafficSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-315001 : Denied SSH SessionSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-313001 : Denied ICMPSub RuleTraffic Denied by Network FirewallNetwork Deny
LU Create Static XLate FailedSub RuleTraffic Denied by Network FirewallNetwork Deny
ASA-4-313001 : Denied ICMP PacketSub RuleTraffic Denied by Network FirewallNetwork Deny
Pattern 4 : PIX TrafficBase RuleNetwork TrafficNetwork Traffic

Mapping with LogRhythm Schema  

Device Key in Log MessageLogRhythm SchemaData Type
N/A<vmid>Number
N/A<severity>Number
N/A<sip>Number
N/A<dip>Number
N/A<sport>Number
N/A<sinterface>Text/String
N/A<login>Text/String
N/A<protname>Text/String
N/A<object>Text/String
N/A<group>Text/String
N/A<command>Text/String
N/A<reason>Text/String
N/A<duration>Number
N/A<bytesin>Number
N/A<bytesout>Number
N/A<tag1>Text/String




JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close